Podcast with Jenny Radcliffe -The Human Factor

I recently recorded a podcast with social engineer Jenny Radcliffe as part of her long-running Human Factor Podcast series. We had a broad-ranging discussion from pentesting to social engineering as well as tips for getting onto the speaking circuit. Here’s the link to the podcast: http://jennyradcliffe.com/episode-42-lisa-forte/ Jenny has interviewed many interesting people over the years, […]

Permissions Creep

Internal threats can be a huge threat.  One things that often ends up happening is something known as permissions creep.  Here’s how it works:Let’s imagine you have been hired by a company to maintain one of their buildings, building A.  So on your first day they give you the keys to building A.  You work […]

What the prisoner’s dilemma can teach us about cyber intelligence sharing.

Cybercrime is increasing year on year. The 2017 cyber breaches survey shows that almost half of UK firms have been hit by cyber breach or attack in the past year. Yet for private companies there appears to be a severe reluctance to share cyber intelligence and vulnerabilities on platforms such as CiSP (Cyber Security Information Sharing […]

Equifax puts in strong bid for most catastrophic data leak in history.

In the latest in a truly blockbuster year for data leaks, American credit reporting company Equifax has announced the loss of highly sensitive data belonging to 143 million Americans. Nearly half the population of the US are thought to be effected. There have been much bigger breaches, but not with this quantity of sensitive information. […]

Leak of the week: 711m email addresses

A French malware researcher has found an online database of 711 million email addresses, in some cases with the associated passwords for that account. The list was apparently for email spamming and is potentially the largest of its kind. Actions: You can check whether your email address is in this (or earlier) data leaks on at https://haveibeenpwned.com. […]

Cyber Security in South Korea Part 2 : Trust, Cyber-Security and Wannacry

In my first article on South Korea I looked at some unique solutions to protecting citizens and businesses from the cyber threat. In this second article on South Korea I look more closely at how corporate culture relates to cyber-crime risk in South Korea, both in the context of Social Engineering attacks like phishing and how it […]

South Korea 1: An Ultra-Connected Nation On The Alert

In the first of two blog articles on cyber security and tech in South Korea, I am looking at the pervasive use of technology in the country and how it is used differently to the UK. South Korea has had a turbulent history. Many argue this turbulence still has not ended thanks to their somewhat unpredictable […]